In my opinon, the main problem are the engineers and developers in the automobile industry (and not only there), who still seem to underestimate the crminal energy of the hacker scene. Everything that can be hacked, will be hacked!
In my opinion, if any catastrophe as a result of attempted hacking into the car systems is to be avoided then there should be two networks in the car. One a private network controlling the critical operation of the car - accelerator, brake, engine, windshield wipers, windows etc. This network should be totally isolated and should have a manual override for every automatic function that it handles.
The other network containing the GPS, cell phone connectivity, entertainment etc can be connected to WAN and thus would not affect the critical functionality of the car even if it is hacked.
Not bad, but keep in mind that the LED = "video on" association only works for commercial webcams. Build one yourself and you have the option of not following that standard!
It does bring up the dark side the current Arduino and Arm wave of innovation. It used to be that it took an engineer to build a system up from components. Now any reasonably smart person can assemble what you have described from $50 worth of parts - no soldering iron required.
To your point 'The little LED on your webcam is the best indicator if there is a hacker watching you through':
A 'funny' event I recently had that may show a growing weakness in the 'I'm on' light:
I was staying at a hotel recently and upon coming out of the shower I looked up to see a blue LED glowing behind the grill of the bathrooms ceiling exhaust fan. Being the paranoid inquisitive tech guy I am, I of course popped the cover off and had a look. There was a small black plastic square device with a blue LED glowing in one corner. I took a few photos of it and the name plate tag of the exhaust fan. Five minutes of 'googling' found that the unit contains a humidity sensor with dual color LED to indicate what function the fan is operating in!
From the manual 'This product also incorporates a dual color (blue and amber) LED indicator to show if it is running at humidity sensor mode or full speed mode.'
Bert I hope you are able to continue to drive that 1975 AMC Pacer you own for a long time :-)
Because, bad news, cars that are sold today are far more integrated across all systems that I think you are aware. I took a 30 second review of the systems that you can have on the 2013 Mercedes C250 that the journalist Michael Hastings was driving when he was killed last month in Los Angeles. There are at least 20 more attack vectors and active break, steering and accelerator connections available in this car than were available in the 2011 hack that Junko cited. The possibilities to take over this car are astronomical!
In the case of the Mercedes C250 2013 and your points:
1) Brake system - software controlled with at least 4 non-brake system that I count that can active any single or combo of brakes.
2) Steering column - the least hackable control in the car that I found, I could only find control that 'alerts the driver by vibrating the steering wheel' HOWEVER, the Mercedes 'Active Lane Keeping Assist' will 'If the driver continues to drift, it can apply the brake to a single rear wheel to help guide the car back into its lane.' That is as good as steering. Think about how steering could easly be overridden by wheel braking combos...
3) Throttle - I could not confirm it, but if the throttle is not fully 'control by wire' it is still fully controllable by software.
4) Shut off the engine, bad news again, more and more cars today do not require a physical key to be inserted to enable the car. In the C250, 'A leap in ease and efficiency pioneered by Mercedes-Benz, KEYLESS-GO lets you unlock, start and drive away without removing the SmartKey from your pocket or purse.'
5) 'Still, brake and steering control are independent.' Unfortunately not. And less each year. Brakes crossed the threshold several years ago and steering by wire is in more and more cars each year. There are multiple cars today we parking assist, this is steering fully under software control.
Killing someone by inserting software into anyone of a number systems in cars today to 100% possible. As I stated in my analysis of the tragic death of Mr Hasting, I doubt we have forensics resources available today to draw a conclusion. And worse, the ability to defend ones car against a possible attack is nil today.
When I was at Northrop I was given training on the hacking process. It is surprisingly (at least to me) disciplined and codified into a set of procedures. The key is to look at systems differently. Most normal people (norps) think in terms of variations of typical use models while hackers will tend to turn them upside down. Even most engineers tend to not be good at creatively misusing systems. A good test engineer is probably the closest "normal engineer" to being a white-hat hacker, since they probe the limits of systems.
That being said, hackers are not omniscient. The hacks that were done to support this paper required extraordinary physical access to the vehicles and were not necessarily robust. They would have been tough to do on a moving car. Right now the wide-area access is relatively limited, but that will increase.
The best safeguards are the simplest. The little LED on your webcam is the best indicator if there is a hacker watching you through it, since it is a simple physical connection. An "off" switch (physical, not soft) pretty much guarantees that a device is not accessible. The more complex a system is the more vulnerable it is.
Count me among those who aren't hyperventilating just yet.
The easiest way to investigate these scary stories is not so much to list all the systems that CAN be breached, but to look at the critical systems first. Ignore all the non-critical systems. They get listed just for the sake of the oooh-aaah effect.
Most cars still use vacuum-assisted hydraulic brakes with dual-redundant hydraulics. Can that be hacked? Most cars also use a mechanical steering column, even if the power assist may in some cases now be electric. Can that mechanical column be hacked?
The only thing I'd worry about here is throttle. While the brakes of any car can easily overpower the engine, if the throttle is wide open, you will lose most of the vacuum assist. So a remote attack to the throttle would be the most important one to defend against, as far as I can tell. A good defense there is to shut off the engine. If the car has a key ignition switch, being careful not to turn the key all the way and lock the steering column.
I agree that the OBD system is the most obvious path to mischief. If you make life easy for engine diagnostics, including emissions testing, there's your attack vector. Still, brake and steering control are independent.
NASA's Orion Flight Software Production Systems Manager Darrel G. Raines joins Planet Analog Editor Steve Taranovich and Embedded.com Editor Max Maxfield to talk about embedded flight software used in Orion Spacecraft, part of NASA's Mars mission. Live radio show and live chat. Get your questions ready.
Brought to you by